on 09-11-201802:10 PM - last edited
Are you helping to manage a large corporate environment with many firewalls that requires you to have multiple instances of Panorama? If so, then trying to keep the configurations in sync for the multiple instances of Panorama can be troublesome to deal with.
Centralized configuration management of firewalls is necessary to ensure consistency of policies. The only option today for large enterprises with higher number of firewalls than current Panorama limits (1,000 firewalls) is to deploy multiple instances of Panorama. Where the configuration is homogeneous and replicated at scale, keeping multiple Panorama instances in sync to ensure consistency is a manual process that introduces operational delays and increases security risk due to human errors.
The good news is that Palo Alto Networks has just introduced a new plugin for Panorama where a central Panorama controller instance can now manage multiple Panorama nodes.
This new Interconnect plugin will create a Panorama scale solution that can centralize management across one or more Panorama nodes to manage the entire device scale using all existing concepts of device groups, templates, objects, policies and network/device configuration. Note that this is a solution that replicates the configuration from a central Panorama Controller down to all Panorama nodes and provides no centralization of logging and reporting.
Panorama Interconnect features include:
Provide a Panorama management platform to achieve expending the total number of managed firewalls limitation from individual Panorama devices by adding them as nodes.
Centrally manage Panorama nodes. Status of each Panorama nodes and managed firewall devices can be viewed from the Panorama controller.
Centrally manage template stacks, templates, and device groups.
On-demand configuration sync across multiple Panorama nodes.
On-demand config push to managed firewall devices.
For more information about the Panorama Interconnect plugin, please see: